Security Headlines

Tag: #xss
CVE-2022-36433: GitHub - afine-com/CVE-2022-36433: Cross-site Scripting (XSS) in blog-post creation functionality in Amasty Blog Pro for Magento 2

The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the short_content and full_content fields, leading to XSS attacks against admin panel users via posts/preview or posts/save.

CVE-2022-36137: ChurchCRM Version 4.4.5 — Stored XSS Vulnerability at sHeader

ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS payloads via the location input field sHeader.

CVE-2022-41676: 村榮資訊 雷電MAILD Mail Server -- Cross-Site Scripting

The Raiden MAILD Mail Server website mail field has insufficient filtering of user input. A remote attacker with general user privileges can send email through the website with malicious JavaScript in the input field, which triggers a reflected cross-site scripting (XSS) attack against the mail recipient.

CVE-2022-36136: ChurchCRM Version 4.4.5 — Stored XSS Vulnerability at Deposit Commend

ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS payloads via the location input field Deposit Comment.

CVE-2022-45214: CVE/CVE-2022-45214.txt at main · Rajeshwar40/CVE

A cross-site scripting (XSS) vulnerability in Sanitization Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter at /php-sms/classes/Login.php.

CVE-2022-45223: Web-Based Student Clearance System in PHP Free Source Code v1.0 — Unrestricted input leads to xss

Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /Admin/add-student.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtfullname parameter.

GHSA-395x-wv32-44v5: baserproject/basercms vulnerable to cross-site scripting (XSS) vulnerability

There is a cross-site scripting vulnerability in the management system of baserCMS. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible.

### Target

baserCMS 4.7.1 and earlier versions

### Vulnerability

Execution of malicious JavaScript code may alter the display of the page or leak cookie information.

- In Favorite registration (CVE-2022-39325)
- In Permission Settings (CVE-2022-41994)
- In User group management (CVE-2022-42486)

### Countermeasures

Update to the latest version of baserCMS

### Credits

- Shogo Iyota@Mitsui Bussan Secure Directions, Inc.
- YUYA KOTAKE@CARTA HOLDINGS, INC.

CVE-2022-46147: XSS Issues in Xblock Input Fields

Drag and Drop XBlock v2 implements a drag-and-drop style problem, where a learner has to drag items to zones on a target image. Versions prior to 3.0.0 are vulnerable to cross-site scripting in multiple XBlock Fields. Any platform that has deployed the XBlock may be impacted. Version 3.0.0 contains a patch for this issue. There are no known workarounds.

CVE-2022-4169: Vulnerability Advisories Continued - Wordfence

The Theme and plugin translation for Polylang is vulnerable to authorization bypass in versions up to, and including, 3.2.16 due to missing capability checks in the process_polylang_theme_translation_wp_loaded() function. This makes it possible for unauthenticated attackers to update plugin and theme translation settings and to import translation strings.

CVE-2022-44284: Dinstar FXO Analog VoIP Gateway DAG2000-16O Cross Site Scripting ≈ Packet Storm

Dinstar FXO Analog VoIP Gateway DAG2000-16O is vulnerable to Cross Site Scripting (XSS).